CVE-2020-15183
Published 2020-09-17
Priority: P4 (22), medium, 4.8 (CVSS 3.1)
AV:N / AC:L / PR:H / UI:R / S:C / C:L / I:L / A:N
EPSS: 1.75% (75.0th percentile)
SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting (XSS) which leads to Remote Code Execution (RCE) from a known vulnerability. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| brassica | soy_cms | < 3.0.2.328 | 3.0.2.328 |
| inunosinsi | soycms | < 3.0.2.328 | 3.0.2.328 |
| soycms_project | soycms | <= 3.0.2 | — |
CVSS provenance
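| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |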
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/inunosinsi/soycms/commit/045a222016f99b56557b0d8f39bbfc653d2c4707
https://github.com/inunosinsi/soycms/security/advisories/GHSA-33q6-4xmp-2f48
https://youtu.be/uAMAwH35ups